Extended-Rights
Matthias Dieter Wallnöfer
mwallnoefer at yahoo.de
Fri Jan 30 22:56:45 GMT 2009
Dear Matthieu Patou!
I find your plan (extracting the containers from a Windows Server
deployment) okay since also all previous containers in SAMBA 4 have been
added in the same way. Additionally, you have now also the possibility
to look at the MSPP/WSPP documentation from Microsoft.
We at the moment wait until the schema update for SAMBA 4 is completed
to have the whole Microsoft AD schema up and running. Then we'll have a
look at adding containers, OU's etc. to the DIT at provisioning. In the
meantime you could give it a try and start with coding it (maybe it
needs only the actual SAMBA 4 schema classes). I would enhance
"provision_configuration.ldif". Afterwards, I would put the completed
work in Bugzilla, so it doesn't get lost.
Matthias
Matthieu Patou schrieb:
> Dear all,
>
> It seems that this part is missing in the samba4 implementation of
> microsoft AD.
> In fact a quick look at configuration
> (CN=Configuration,dc=smb4,dc=tst) naming context reveal that those
> containers are missing:
>
> * Schema
> * Physical Locations
> * NTDS Quotas
> * LostAndFoundConfig
> * ForestUpdates
> * Extended-Rights
>
> Of all of theses the Extended Rights is the most important and is used
> by the Active Directoy User and Computer tools to define more
> precisely which rights a user/group is granted !
> I guess It's quite simple to make an extraction of a W2K, W2K3 or W2K8
> server and get a dump of this container (and other as well).
> Have I the right to do so ?
> I am ready to make an extraction program and generate a dump of those
> container, to which provision_xxx.ldif this dump should be added ?
>
> And after this I guess rights can easily be granted but until
> something in the code do checking against those rights nothing will
> happen. Am I right ?
>
> Matthieu.
>
More information about the samba-technical
mailing list